Everything posted by requinix
-
Oh, that's what the file was? I think the issue is in

    {$smarty.request.search|escape:'htmlall'}

That's the only place that uses unknown input. The search was an array, as in search[]=.... Submit a regular search, then go into your browser's address bar and add brackets to the search=. Then see what happens.

How to fix that, it's kinda up to you. Standard MVC is that you should be passing the search value into the view, not getting it from the request. If you did that then you would validate the search value in your regular code: the 404 page, and any other place that ends up including top_menu_bar.

Right, yes, you did post the code I asked about. What I meant was "well that's not where the problem is". Was rather ambiguous, now that I look at it again.
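The approach described in the post above, as an added example that is not part of the original post or the site's code: the controller reduces the request value to a plain string before the view ever sees it. The function name, the length limit and the `search` template variable are assumptions, and the mbstring extension is assumed to be loaded.

```php
<?php
// Added example: validate the search value in regular code, then pass it
// into the view. searchTermFromRequest() and MAX_SEARCH_LENGTH are
// hypothetical names chosen for illustration.

const MAX_SEARCH_LENGTH = 100; // assumed upper bound for a search term

/**
 * Return the search term as a plain string. A missing parameter, or one
 * that is not a string (search[]=... makes PHP build an array), yields ''.
 */
function searchTermFromRequest(array $request): string
{
    $value = $request['search'] ?? '';
    if (!is_string($value)) {
        return '';
    }
    // Trim whitespace and cap the length (mb_substr needs mbstring).
    return mb_substr(trim($value), 0, MAX_SEARCH_LENGTH);
}

// Constructed inputs: what PHP produces for ?search=red+shoes,
// for ?search[]=red, and for a request with no search parameter.
$samples = [
    ['search' => 'red shoes'],
    ['search' => ['red']],
    [],
];
foreach ($samples as $request) {
    var_dump(searchTermFromRequest($request));
}

// On the real pages (the 404 page and anything else that ends up
// including top_menu_bar) the controller would do:
//   $smarty->assign('search', searchTermFromRequest($_REQUEST));
// and the template would print {$search|escape:'htmlall'} instead of
// reading {$smarty.request.search} directly.
```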
-
Well that's not it. Most recent template was

    Smarty_Internal_Template._subTemplateRender("file:page_elements/top_menu_bar.tpl", null, null, "0", "120", Array[0], "0", false)

What's in that file?
-
If you skip over the template stuff in the backtrace, you'll see these two lines:

    include("/home/siteaddress/public_html/errors/404.php") # line 34, file: /home/siteaddress/public_html/smarty_plugins/function.load_product.php
    Product.init("api") # line 5, file: /home/siteaddress/public_html/smarty_plugins/function.load_product.php

What is the code for function.load_product.php?
-
Get your proof by recording activity according to the user's account, not their IP address. After all, they have to be logged in to see stuff. If the account has been active enough then you don't allow the refund. Then it doesn't matter whether someone browses with Tor or not. Or whether they browse from home, or the office, or their phone, or anywhere else that there will be a different IP address.

Give previews of content so that people have some idea what they could get, then charge for full access.

But yeah, there's basically nothing you can do to stop people from copying the content while they have access to it and then using the copies when their access expires or gets cancelled. You can try to spot abuse with scraping, with bad repeat customers, with content sharing, and any other way you can, but ultimately you cannot stop everything. Make it easy for people to get what they want and they'll be less likely to fight the system, then track what they do so you can give yourself some degree of confidence that you're able to detect typical levels of abuse.
-
Wait a minute. Your goal here is to not issue refunds to people who have paid money for use of your site and have used the site enough that you feel they have received their money's worth, right? We're talking about money here. Aren't you dealing with user accounts to do this? User creates an account, spends money, and gets content?
-
Is there a particular reason you want to block people from trying to browse the internet anonymously? Not everyone has the kind of freedoms that the western world gets to enjoy.
-
You're off to a surprisingly good start, actually. Most people who are like "I'll just make a database for it" just kinda go for it without really knowing what they're doing.

That said, you're a treasurer. You have a rather important job of keeping very good track of money. You need detailed records of everything that happens, not just a summary of it all.

So here's the database design I'm thinking of:

    units      tenancies     charges      payments
    -----      ---------     -------      --------
    ID         ID            ID           ID
    number     unit ID       tenant ID    charge ID
    notes      tenant        date         date
               start date    amount       amount
               end date?     notes        notes

There are four concepts involved here:

1. The units. You could go with just numbers but that doesn't allow you to do anything else with the concept.
2. Tenants. It's one thing to track payments against units, but units don't make payments. People do. And people move in and out of units all the time. You should be able to differentiate between payment #100 for unit #1234 made by John Smith and payment #101 for unit #1234 by the new occupant Jane Doe.
3. Charges. Because how can you record a payment of $100 when you don't even know what it's for?
4. Payments. You may only want this system to tell you who is up to date with payments, but what you need is to be able to know every little detail about how money is changing hands.

I imagine you would use the system something like this:

A new tenant is moving into the area. You open the application and go to the page where you manage tenants. You open the details for the unit they will be moving into and see that your system correctly thinks it's unoccupied (having handled the previous tenant's previous moving out earlier). You enter their name and start date and save.

A new month starts and new HOA dues are required from each unit. You open up the application and go to the page where you enter new charges. You tell it that you want to enter a new charge for all currently-occupied units and how much the dues are. The system tells you that it created new charges for some number of units.

You receive a check for from some unit. You open up the application and go to the page where you enter new payments being made, and it asks you for the unit. On the next page, it presents you with the current state of that unit: who lives there, what charges they've owed, and what payments have been made. The page tells you that they have not yet paid (fully) for a particular charge. You look at the check, confirm the name and address on it, confirm that the charge they wrote as a note is indeed what they still need to pay, and confirm that they aren't overpaying. You select that charge, enter the amount paid, and save. The system tells you that they've fully paid for that charge (or not), and perhaps also lists any other charges still unaccounted for.

The HOA comes to you and asks for a report of everybody who hasn't paid their dues yet. You go to a reports page, then to the page that can tell you about outstanding charges. You select the charge corresponding to the month's dues and the system tells you each occupant who hasn't paid (fully) yet.

An IRS agent comes knocking to conduct an audit. You go to a reports page that tells you all activity over a date period. You select the past year and the system tells you about every charge and every payment, and even summarizes it. The IRS agent compares your printout to their notes, frowns, and tells you that everything is in order. You then wake up from your dream and wish audits were that simple.
-
By putting it in the prototype instead of directly on the object instance. Using the prototype means everyone calls the same function, literally, while putting it on the instance means everybody is calling their own version of the function. Or are you asking how that mechanism works?
-
Trying to compress and make my code faster
requinix replied to mongoose00318's topic in PHP Coding Help
Here's the structure of how your queries are run:

    foreach "SELECT * FROM production_data ORDER BY enterprise, job_number, TRIM(line_item) ASC" {
        $status_qc = "SELECT <status_id> FROM production_status WHERE order_id = <production_data.id> AND dept_code = <10> ORDER BY submit_time DESC LIMIT 1";
        $status_thermoforming = "SELECT <status_id> FROM production_status WHERE order_id = <production_data.id> AND dept_code = <6> ORDER BY submit_time DESC LIMIT 1";
        $status_vinylpaint = "SELECT <status_id> FROM production_status WHERE order_id = <production_data.id> AND dept_code = <5> ORDER BY submit_time DESC LIMIT 1";
        $status_finalassm = "SELECT <status_id> FROM production_status WHERE order_id = <production_data.id> AND dept_code = <7> ORDER BY submit_time DESC LIMIT 1";
        $status_crateship = "SELECT <status_id> FROM production_status WHERE order_id = <production_data.id> AND dept_code = <8> ORDER BY submit_time DESC LIMIT 1";
    }

There are two complications in here: the fact that your departments are dynamic but your code cares about five specific ones, and that you want the most recent record for an order per department. This means that while all six of these queries could be combined into one, you'd end up with one query that uses 10 joins. That sucks.

So I think I would settle for two queries: getting everything you want from production_data, but before that getting the most recent status per department for all orders. With some quick preprocessing on that you could look up each status very quickly.

    SELECT p1.order_id, p1.dept_code, p1.status_id
    FROM production_status p1
    LEFT JOIN production_status p2 ON  -- find similar records
        p1.order_id = p2.order_id AND  -- ...for the same order
        p1.dept_code = p2.dept_code AND  -- ...and the same department
        p2.submit_time > p1.submit_time  -- ...and that come after the row that p1 found
    WHERE
        p1.dept_code IN (5, 6, 7, 8, 10) AND  -- limit to department we care about
        p2.id IS NULL  -- filter to keep only the p1 rows that didn't have later p2 rows

    $statuses = [];
    // foreach $row from that query {
        if (!isset($statuses[$row["order_id"]])) {
            $statuses[$row["order_id"]] = [];
        }
        $statuses[$row["order_id"]][$row["dept_code"]] = $row["status_id"];
    // }
-
I could write a huge reply, but it'll be easier for me to just point you to MDN.
-
Trying to compress and make my code faster
requinix replied to mongoose00318's topic in PHP Coding Help
Almost certainly. What's the code for those functions? -
Trying to compress and make my code faster
requinix replied to mongoose00318's topic in PHP Coding Help
The source of the slowness is going to be database queries - nested switches won't be much of a problem (as far as the PHP engine is concerned). I'm concerned about all those get_user_dept and get_order_status calls. Do they do database queries?

About cleaning up the code, I'm sorry but that's way too much for me personally to bother with. My advice is to improve it one step at a time: find out the differences between each switch case, pull them out into something more manageable (like an array), and build your HTML using data from it.

For example, the $user_dept_code=4/9 > $status_qc switch has all the buttons looking the same except for a CSS class or two and the inner text. Take those differences out into an array like

    [
        1 => ["btn-warning", "In Progress"],
        2 => ["btn-danger", "Delayed"],
        3 => ["btn-success", "Finished"],
        ...
    ]

You can look up the CSS class and text using $status_qc. You may also discover that you messed up some of the markup.

And please, do yourself a favor and create your own CSS classes. All those inline styles are bad.
-
Not with the way your code is written, no. I trust you're familiar with prototyping? Employee and SalesPerson both set up their methods through assignment. It works, but it's not modern Javascript. Using prototyping the code would be

    function Employee(foo) {
        this.foo = foo;
        this.name = '';
        this.dept = 'general';
    }
    Employee.prototype.method1 = function() {
        console.log('method1: ' + this.foo);
    }

Now see what happens with and without those two lines.

Using a prototype gives you "inheritance" without any additional work. There's one copy of the method2 function around and everybody uses it. With the older style, every single instance has its own separate method2.
-
Need url parameter "read" so it gets embedded into a buy-link
requinix replied to mac007's topic in Javascript Help
But apparently you didn't read the second sentence on the page. -
That is an IP address. It's called IPv6.
-
Need url parameter "read" so it gets embedded into a buy-link
requinix replied to mac007's topic in Javascript Help
MDN has something useful. -
Well, if you're just doing this for yourself then by all means, go ahead and experiment around with it. Rewrite what? PDO is one of the best database APIs available...
-
Either https://dev.mysql.com/doc/refman/8.0/en/date-and-time-functions.html#function_datediff or https://www.php.net/manual/en/class.datetime.php
-
Do you actually have an "S_POST" array?
-
Apparently the author of whatever PHP language server extension you're using decided that their list would show deprecated items and give you the choice of whether you used them. If you don't like that, see if there's a setting to hide them.
-
Here's part of a regular expression-based find and replace for you:

    function capitalizeWords(str) {
        return str.replace(/(^|[\s.-])([a-z])/g, function(???) {
            return ???;
        });
    }

It checks for all letters at the beginning of the string, or after spaces, periods, or hyphens, then gives each result to a function. Your tasks are to:

1. Fill in the arguments. The first argument is the whole thing matched, the second is the space or period or whatever that was matched before the letter, and the third is the letter to capitalize.
2. Return the string to replace at that position. Note that it will replace the entire string matched, not just the letter.
-
Trying to Send credentials to an IP camera
requinix replied to AndyLasers's topic in PHP Coding Help
Digest authentication is rather complicated. Do you have any way to change the authentication system it wants to use? Perhaps to "Basic"? -
Exactly my point.